On June 2, the White House released its Executive Order on “Promoting Advanced Artificial Intelligence Innovation and Security.” In an era where AI capabilities are advancing faster than ever, this executive order mandates the rapid modernization and cyber defense of federal and critical information systems by adopting advanced, secure AI tools while explicitly prohibiting mandatory licensing or permitting for AI model development or release.
We are encouraged to see the order recognize that innovation and security are not competing priorities, but two sides of the same coin. As we recently outlined in our comments to the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) on AI agent identity, realizing the machine-speed productivity of AI requires extending Zero Trust principles to autonomous systems. Let's break down the key initiatives.
Why this matters
The order makes a clear statement of policy: The US will promote AI innovation and security by working collaboratively with the private sector to modernize and harden government and private-sector information systems against external threats, to protect American ingenuity and intellectual property from theft by adversaries, and to cultivate America's advanced AI-enabled capabilities.
That collaborative, public-to-private approach is the community-driven model that produces the most defensible outcomes. By prioritizing the rapid modernization of federal and critical infrastructure cyber defenses while preserving market innovation, this order addresses the defining security challenge of the AI era: Securing AI agents and the agentic enterprise.
Key AI innovation and security initiatives
As AI models and agents have become increasingly powerful, identity has become the foundational layer. Traditional identity answers “Who are you?”—but in the agentic era, we must answer, “What are you authorized to do on my behalf?”—effectively granting a secure “power of attorney” to AI. That is the lens we bring to each of the key initiatives outlined in the executive order.
Section 2: Upgrading American systems for advanced AI
Section 2 directs swift action across the government. Within 30 days, the Committee on National Security Systems must prioritize the cyber defense of national security systems, and the Secretary of War must prioritize the cyber defense of Department of War information systems.
Within the same 30-day window, the Secretary of Homeland Security, through the Director of the Cybersecurity and Infrastructure Agency (CISA) and in consultation with the Office of Management and Budget (OMB), the National Security Agency (NSA), and the National Cyber Director, is directed to release binding operational directives and other guidance to expedite the cyber defense of civilian federal government information systems, expand federal programs that enhance AI-enabled defensive tools, and facilitate access to cybersecurity tools and services, including covered frontier models where appropriate.
That last point deserves attention. The order extends this access to federal agencies, state and local authorities, and operators of critical infrastructure such as rural hospitals, community banks, and local utilities. The organizations that often have the fewest resources are frequently the ones serving our most vulnerable communities. Bringing them into the fold, rather than leaving them to fend for themselves, reflects a community approach to security that we have championed for years.
The order also creates an AI cybersecurity clearinghouse. Within 30 days, the Secretary of the Treasury, in consultation with the National Cyber Director, the NSA, and CISA, is directed to establish this clearinghouse in voluntary collaboration with the AI industry and operators of critical infrastructure, coordinating vulnerability scanning, validation, and the prioritized distribution of patches.
How Okta sees it
Identity is the foundation of any modern defense posture, and it is now the foundation for securing agentic workflows. To prevent the high-risk implicit trust model that can emerge with autonomous AI, organizations must implement continuous, dynamic authorizations.
By leveraging Okta for AI Agents and foundational identity standards like the OpenID Foundation’s Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) and the emerging Cross App Access (XAA) protocol, Okta is positioned to help the public sector and critical infrastructure operators—from community banks to rural healthcare networks—safely adopt advanced AI tools.
As agencies move quickly to harden their systems, phishing-resistant authentication and strong access controls are the first line of defense against the very threats this order is trying to address. We look forward to partnering with CISA and the Department of the Treasury to embed identity-centric security at the core of these new initiatives.
Section 3: Secure frontier model deployment
Section 3 lays out a voluntary framework. Within 60 days, the Secretary of the Treasury, the NSA, and CISA, in consultation with the White House Chief of Staff through the National Cyber Director, the Assistant to the President for Science and Technology, and the Secretary of Commerce through NIST, are directed to develop a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine when a model should be designated a "covered frontier model."
The framework gives developers a path to engage the government early, to provide access to covered frontier models under appropriate confidentiality and cybersecurity protections for up to 30 days before release to trusted partners, and to collaborate on selecting those trusted partners. Importantly, the order is explicit that nothing in this section authorizes the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.
How Okta sees it
The emphasis on a voluntary framework, rather than a mandate, matters. It signals trust in the private sector and recognizes that the people building these models are also the people best positioned to help secure them. That balance between security and a light regulatory touch is one we welcome, and it preserves the choice that customers and developers deserve.
Section 4: Protection against criminal actors
Section 4 directs the Attorney General to prioritize enforcement of 18 U.S.C. 1028, 1030, 1343, and other applicable federal criminal laws against anyone who uses AI to illegally access or damage a computer, or who employs AI agents to access data unlawfully that is later used for criminal purposes.
How Okta sees it
As AI agents become more capable and more common, the question of who is acting and whether they are authorized becomes central. Because AI expands the attack surface by executing thousands of operations per minute, strict accountability is critical. Holding bad actors accountable is necessary, and pairing enforcement with strong identity controls ensures only authorized users and agents can reach sensitive systems in the first place.
How Okta supports the next phase of federal AI governance
As federal agencies, state governments, and private-sector organizations work to align with this new executive order, demand for actionable implementation guidance will likely surge. We expect public-to-private partnerships to bring a community approach that develops open standards and defensible implementation guidelines, and we welcome that.
Through Okta’s neutrality, customers can choose leading security products, applications, and tools for their mission. We look forward to working with Congress, policymakers, and agencies to support these efforts and promote America's continued leadership in AI.
Ready to align your organization with these new security standards? Assess your security posture with the Okta AI Blueprint to identify gaps and build a defensible strategy for your autonomous systems.
